2 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. Blue Coat K9 Web Protection 4.0.230 Beta basado en el JavaScript del cliente como mecanismo de proteccion, permite a atacantes remotos evitar la autenticación y el acceso a (1) summary, (2) detail, (3) overrides, and (4) pwemail desactivando el JavaScript. • http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html http://seclists.org/fulldisclosure/2008/Oct/0070.html http://www.securityfocus.com/bid/31584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45696 • CWE-287: Improper Authentication •

CVSS: 9.3EPSS: 9%CPEs: 2EXPL: 0

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field. Múltiples desbordamientos de búfer basados en pila del servicio de filtros (aka k9filter.exe) en Blue Coat K9 Web Protection 3.2.44 con Filter 3.2.32 permite (1) a atacantes remotos ejecutar código arbitrariamente mediante una cabecera larga HTTP Referer al interfaz web K9 Web Protection Administration y (2) a los atacantes "man-in-the-middle" ejecutar código de su elección a través de una respuesta con una versión de campo HTTP larga. • http://secunia.com/advisories/25813 http://secunia.com/secunia_research/2007-61/advisory http://secunia.com/secunia_research/2007-64/advisory http://www.securityfocus.com/archive/1/494975/100/0/threaded http://www.securityfocus.com/archive/1/494984/100/0/threaded http://www.securityfocus.com/bid/30463 http://www.securityfocus.com/bid/30464 http://www.securitytracker.com/id?1020587 http://www.securitytracker.com/id?1020588 http://www.vupen.com/english/advisories/2008/2263/r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •